Boston Linux & Unix (BLU) Home | Calendar | Mail Lists | List Archives | Desktop SIG | Hardware Hacking SIG
Wiki | Flickr | PicasaWeb | Video | Maps & Directions | Installfests | Keysignings
Linux Cafe | Meeting Notes | Blog | Linux Links | Bling | About BLU

BLU Discuss list archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Server hacked, Desperate for help with FC6

Is there any reason for FC6, or was it just a matter of selecting a distro?

I recently tried the new Ubuntu Enterprise, and I can't say I hate it
for a server. I definitely like the fact that it doesn't install
anything to speak of, which leaves all of those unknown attack vectors
out in the cold, as well as being able to run it on minimal hardware
without going to the trouble of turning off lots of stuff. It does
require you to take into account the fact that you then need to install
what you need, however apt-get is fairly simple to use (it's debian-based).

I have tried RHEL3 & 4, RedHat Pro Desktop, Suse Desktop 9, Ubuntu
Desktop & Ubuntu Enterprise, Fedora Core 4 & 5, SlackWare (9 maybe?),
and YellowDog. So far I like Suse best for a Desktop (with both Gnome &
KDE installed, but KDE as the desktop), and Ubuntu Enterprise as a Server.

The RHEL3 boxes I've used are always being attacked, and several times
hacked. It just takes way too much energy to keep up with all of the
possibilities for exploits on those things.

The RedHat Desktop would regularly crash or freeze.

The Suse 9 Desktop I am still using at work. No problems to speak of.

The Ubuntu Enterprise server we're using was compromised on a
non-priviledged account once, but there isn't anything installed that
the user could use, so no worries. It only runs Bind9 & HTTP, so it
can't be used for mail, and I only had to address configuring those two
services for security purpoase. That inevitably saves alot of worry.

I've also added the attached snippet to the end of my /etc/profiles on
those machines, only allowing logins from a single internal machine to
my Linux boxen (the .24 machine runs IRIX ;-) . I then run a cron every
minute that looks for the 'login' file, and if found emails the
hmail.txt file (by piping it into sendmail -t). It's not foolproof (you
could just type Ctrl-C if you're smart enough), but it definitely helps
I hope that helps,
Grant M.
Grant M.
NeonEdge...Web Pages by Design

This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.

-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
URL: <>

BLU is a member of BostonUserGroups
BLU is a member of BostonUserGroups
We also thank MIT for the use of their facilities.

Valid HTML 4.01! Valid CSS!

Boston Linux & Unix /